Nginx access restrictions and security settings-Nginx-php.cn

Home

Operation and Maintenance

Nginx

Nginx access restrictions and security settings

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

Jun 10, 2023 pm 06:33 PM

nginxSecurity Settingsrestriction of visit

Nginx is a high-performance web server and reverse proxy with the characteristics of lightweight, high concurrency, flexible configuration, etc., and is widely used in production environments. However, because its construction process is relatively simple, it still faces some security issues, so access restrictions and security settings need to be set for Nginx.

1. Access restrictions

IP restrictions

Nginx can restrict IP address access by configuring the allow and deny directives. For example, to only allow specific IP addresses to access Nginx, you can add the following code to the nginx.conf file:

location / {
    deny all;
    allow 192.168.1.100;
    allow 10.0.0.0/8;
    allow 172.16.0.0/12;
    allow 192.168.0.0/16;
}

The above code snippet means to deny all requests, and then allow the IP addresses 192.168.1.100 and 10.0 in sequence .0.0/8, 172.16.0.0/12, 192.168.0.0/16 requests. You can also set global allow and deny rules through the http directive in the configuration file.

User-Agent restrictions

User-Agent is an identification string sent by an HTTP client such as a browser, which can be used to determine whether it is the visitor himself. Or an automated program. Nginx can restrict User-Agent by configuring the if directive and the $http_user_agent variable, for example:

if ($http_user_agent ~* (wget|curl))
{
    return 403;
}

This code means that if the User-Agent contains a wget or curl string, a 403 error code will be returned.

Referer restrictions

Referer is a field in the HTTP request header, indicating the source address of the current request. Nginx can limit the Referer by configuring the if directive and the $http_referer variable, for example:

if ($http_referer ~* (baidu.com|google.com))
{
    return 403;
}

The meaning of this code is that if the Referer contains the baidu.com or google.com string, a 403 error code will be returned.

2. Security Settings

HTTPS Protection

HTTPS can better protect the security of web applications compared to the HTTP protocol, because the data is The SSL/TLS encryption algorithm is used during the transmission process. HTTPS can be enabled by adding the following code to the Nginx configuration file:

server {
    listen 443 ssl;
    ssl_certificate /path/to/cert.crt;
    ssl_certificate_key /path/to/cert.key;
    ...
}

where ssl_certificate and ssl_certificate_key will use the SSL certificate and private key to implement the encryption of the HTTPS protocol Function.

Restrict access to file directories

Nginx will expose all files and subdirectories under /etc/nginx/html by default to the website root directory, so access to the file directory needs to be restricted. You can add the following code to the nginx.conf configuration file to restrict directory access:

location / {
    root /path/to/root;
    index index.html;
    autoindex off;
    location ~* .(jpg|jpeg|png|gif|ico|css|js)$ {
        expires 1d;
        add_header Cache-Control "public";
    }
}

The above code means pointing the root directory of the website to /path/to/root, turning off the autoindex function, and restricting allowed access. file type and set the cache policy.

Security Log

In order to detect attacks in time, it is recommended to enable the logging function of Nginx. You can add the following code to the nginx.conf configuration file to record access logs:

http {
    access_log /var/log/nginx/access.log;
    ...
}

where access_log is the storage path of Nginx access logs. Logs can be stored in local files or analyzed using log analysis tools such as ELK.

Summary

Nginx access restrictions and security settings are crucial to the security of web applications. Access can be restricted through IP restrictions, User-Agent restrictions, Referer restrictions and other measures. At the same time, The security of web applications can be improved by enabling HTTPS, restricting access to file directories, and security logs. However, it should be noted that these measures can only improve the security of Web applications but cannot completely guarantee their security. Therefore, regular updates of software versions and timely patching of vulnerabilities and other measures are needed to ensure the security of Web applications.

The above is the detailed content of Nginx access restrictions and security settings. For more information, please follow other related articles on the PHP Chinese website!

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Using NGINX: Optimizing Website Performance and ReliabilityMay 09, 2025 am 12:19 AM

NGINX can improve website performance and reliability by: 1. Process static content as a web server; 2. forward requests as a reverse proxy server; 3. allocate requests as a load balancer; 4. Reduce backend pressure as a cache server. NGINX can significantly improve website performance through configuration optimizations such as enabling Gzip compression and adjusting connection pooling.

NGINX's Purpose: Serving Web Content and MoreMay 08, 2025 am 12:07 AM

NGINXserveswebcontentandactsasareverseproxy,loadbalancer,andmore.1)ItefficientlyservesstaticcontentlikeHTMLandimages.2)Itfunctionsasareverseproxyandloadbalancer,distributingtrafficacrossservers.3)NGINXenhancesperformancethroughcaching.4)Itofferssecur

NGINX Unit: Streamlining Application DeploymentMay 07, 2025 am 12:08 AM

NGINXUnit simplifies application deployment with dynamic configuration and multilingual support. 1) Dynamic configuration can be modified without restarting the server. 2) Supports multiple programming languages, such as Python, PHP, and Java. 3) Adopt asynchronous non-blocking I/O model to improve high concurrency processing performance.

NGINX's Impact: Web Servers and BeyondMay 06, 2025 am 12:05 AM

NGINX initially solved the C10K problem and has now developed into an all-rounder who handles load balancing, reverse proxying and API gateways. 1) It is well-known for event-driven and non-blocking architectures and is suitable for high concurrency. 2) NGINX can be used as an HTTP and reverse proxy server, supporting IMAP/POP3. 3) Its working principle is based on event-driven and asynchronous I/O models, improving performance. 4) Basic usage includes configuring virtual hosts and load balancing, and advanced usage involves complex load balancing and caching strategies. 5) Common errors include configuration syntax errors and permission issues, and debugging skills include using nginx-t command and stub_status module. 6) Performance optimization suggestions include adjusting worker parameters, using gzip compression and

Nginx Troubleshooting: Diagnosing and Resolving Common ErrorsMay 05, 2025 am 12:09 AM

Diagnosis and solutions for common errors of Nginx include: 1. View log files, 2. Adjust configuration files, 3. Optimize performance. By analyzing logs, adjusting timeout settings and optimizing cache and load balancing, errors such as 404, 502, 504 can be effectively resolved to improve website stability and performance.

Deploying Applications with NGINX Unit: A GuideMay 04, 2025 am 12:03 AM

NGINXUnitischosenfordeployingapplicationsduetoitsflexibility,easeofuse,andabilitytohandledynamicapplications.1)ItsupportsmultipleprogramminglanguageslikePython,PHP,Node.js,andJava.2)Itallowsdynamicreconfigurationwithoutdowntime.3)ItusesJSONforconfigu

NGINX and Web Hosting: Serving Files and Managing TrafficMay 03, 2025 am 12:14 AM

NGINX can be used to serve files and manage traffic. 1) Configure NGINX service static files: define the listening port and file directory. 2) Implement load balancing and traffic management: Use upstream module and cache policies to optimize performance.

NGINX vs. Apache: Comparing Web Server TechnologiesMay 02, 2025 am 12:08 AM

NGINX is suitable for handling high concurrency and static content, while Apache is suitable for dynamic content and complex URL rewrites. 1.NGINX adopts an event-driven model, suitable for high concurrency. 2. Apache uses process or thread model, which is suitable for dynamic content. 3. NGINX configuration is simple, Apache configuration is complex but more flexible.

See all articles

Hot AI Tools

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress images for free

Clothoff.io

AI clothes remover

Video Face Swap

Swap faces in any video effortlessly with our completely free AI face swap tool!

Hot Article

Roblox: Grow A Garden - Complete Mutation Guide

3 weeks agoByDDD

Roblox: Bubble Gum Simulator Infinity - How To Get And Use Royal Keys

3 weeks agoBy尊渡假赌尊渡假赌尊渡假赌

How to fix KB5055612 fails to install in Windows 10?

3 weeks agoByDDD

Blue Prince: How To Get To The Basement

1 months agoByDDD

Nordhold: Fusion System, Explained

3 weeks agoBy尊渡假赌尊渡假赌尊渡假赌

Hot Tools

VSCode Windows 64-bit Download

A free and powerful IDE editor launched by Microsoft

Dreamweaver Mac version

Visual web development tools

mPDF

mPDF is a PHP library that can generate PDF files from UTF-8 encoded HTML. The original author, Ian Back, wrote mPDF to output PDF files "on the fly" from his website and handle different languages. It is slower than original scripts like HTML2FPDF and produces larger files when using Unicode fonts, but supports CSS styles etc. and has a lot of enhancements. Supports almost all languages, including RTL (Arabic and Hebrew) and CJK (Chinese, Japanese and Korean). Supports nested block-level elements (such as P, DIV),